targets

now browsing by tag

 
 

#deepweb | N.J. towns are easy targets for dark web hackers. They won’t always admit being scammed.

Source: National Cyber Security – Produced By Gregory Evans

The ransom demand was electronic.

In 2017, Newark’s computer system was hijacked by a group of hackers from halfway across the world, shutting down municipal services. Officials were given just seven days to come up with $30,000 in Bitcoin or they could kiss the city’s encrypted computer files goodbye.

They paid the ransom.

Cybercrime continues to explode nationwide, according to the Federal Bureau of Investigation’s most recent internet crime report. Last year, federal authorities received more than 350,000 complaints involving internet-based fraud, an increase of 16.7 percent over the previous year. Victim losses across the country in 2018 related to cybercrime totaled $2.71 billion.

In New Jersey, more than 8,400 victims across the state — including businesses, individuals, and government agencies — reported overall cybercrime losses last year of $79.7 million, making the state ninth in the nation for such high-tech theft, the FBI reported.

While much of that involved scams against individuals, businesses and Fortune 500 companies, the masters of the dark web have also been targeting your local tax collector’s office. Dozens of municipal government agencies in New Jersey have been victimized by hackers over the past two years, but have been reluctant to make those attacks public, officials say.

John Cohen, a senior expert on global threats for the Argonne National Laboratory and a professor at the Georgetown University Security Studies Program, said local governments remain easy targets for cyber criminals.

“Their systems remain vulnerable due insufficient security and local governments continue to pay the criminals,” Cohen said. “Until localities change their practices in the regard, they will continue to be targeted.”

In New Jersey, the state’s Office of Homeland Security and Preparedness said it has been tracking the threat of ransomware since 2015 and officials said municipal governments have long been in the mix.

“Many cyber-threat actors are just looking for low-risk targets and something they can monetize,” said Jared Maples, who heads the state agency. “The availability of hacking tools and the increasing number of unsecured internet-connected devices reduces the need for extensive technical skills to carry out successful cyberattacks.”

Officials at the Municipal Excess Liability Joint Insurance Fund, which helps insure public entities across the state, said they have seen a 540% increase in cyber attacks on local government agencies since 2013. About 80 events have been reported over that time, but officials with the fund said they were aware of 50 others that were never formally reported.

“Nobody wants to acknowledge they’ve been victimized,” said Marc Pfeiffer, assistant director of the Bloustein Local Government Research Center at Rutgers University, of the radio silence. Nobody is going to call a press conference to announce someone made off with taxpayer funds, he said.

Maples, meanwhile, believes that what is happening is only going to get worse.

“Cyberspace is a complex, diverse, and fluid security environment with real, persistent, and evolving threats,” he said. “The impacts of cyberattacks will increase as we enter into an era of autonomous systems, artificial intelligence, smart cities, hyper-connectivity, and the convergence of cyber-physical systems and devices.”

MORPHING SCHEMES

While many of the high profile cybercrime cases that have come to light in recent years have involved ransomware, where malicious software delivered by a link that should never have been clicked is used to corrupt and encrypt computer files, that is only one of many weapons commonly employed. According to the FBI, the attack tactic most gaining favor these days is known as Business Email Compromise, or BEC, which targets those who use wire transfers.

The BEC scam works by compromising the email of corporate executives — and sometimes of municipal officials involved in finance — and seeks to redirect wire transfers meant for suppliers or financial institutions to fraudulent accounts both here and abroad.

Earlier this year, Lawrence Espaillat, 41, of Clifton pleaded guilty in connection with a BEC scheme to steal more than $1 million from corporate victims and individuals. Authorities said Espaillat and others incorporated sham businesses and created email addresses, which mimicked but differed slightly from legitimate email addresses of supervisory employees at various companies. Emails from those sham accounts were then used to send what appeared to be requests for payment of legitimate invoices or debts owed by the victims.

Last year in New Jersey, according to state municipal finance officials, at least one unnamed municipality was sent wiring instructions by such a compromised email to change its bond anticipation note payments from what appeared to be one reputable banking institution to another. They sent $40,000 to the other account, which was fraudulent.

In August 2018, the FBI said received a complaint filed on behalf of another New Jersey town that fell victim of another BEC scam, transferring more than $1 million into the fraudulent account. Michael Doyle, an FBI supervisory special agent in New Jersey, would not identify the town, but said the money was recovered through a “financial fraud kill chain” that moves to quickly freeze funds and recall a wire transfer if they are alerted without delay.

Noting the explosion in BEC complaints nationally, Doyle said the nature of cybercrime is changing. More than $1.2 billion in losses were attributed last year to just on compromised business email scams.

“It dwarfs everything else,” the FBI agent said — far more than the $362 million lost to victims in confidence or romance fraud.

Yet while ransomware complaints do not top the list of cybercrime complaints, Doyle suspects what happened in Newark may be happening more than is being reported to authorities. How the money is taken has also morphed, he added, with the use of “money mules” in the United States who act — sometimes unwittingly — as a go-between, so that suspicions are not raised by having money directly wired overseas.

“It used to be jumping out of the country immediately,” Doyle said. Now, potential victims might think it suspicious to be told to send money to an account in Hong Kong. These days, money may be wired through a series of destination points before in lands in somebody’s pocket.

Last November, two Iranian men were indicted in connection with an international wave of ransomware attacks that shut down Newark’s computer systems, and led to the city’s payment of $30,000 to regain control of the city’s electronic files. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri where charged with running what officials called “an extreme form of 21st century digital blackmail.”

Both men remain at large.

Doyle said cybercrime is still far more likely to target big companies than town hall. Usually municipalities don’t have that kind of money. There’s no revenue stream.

Still, the problem for local government is growing, officials here say.

David N. Grubb, executive director of the Municipal Excess Liability Joint Insurance Fund in Parsippany, said the impact is not insignificant.

“When a municipality gets hit by one of these things, can’t quantify the disruption that occurs. There are things that can’t happen when you are trying to get the system up and running. There is a reputational cost,” he said. It can get residents quite upset.“

A spokeswoman for Newark said the city has made numerous changes and improvements to defend against similar attacks, including improvements to infrastructure, training as well as following professional recommendations that identified security gaps.

“While no amount of preparation protects any organization 100%, the city is in a much better position to thwart similar events,” said the spokeswoman, Crystal Rosa.

At the same time, she said the city is constantly being being targeted.

“Measures put in place, actions following the prior ransomware event, have identified attempts and been successful to date from any in-depth intrusion,” she said.

With three dozen or more New Jersey municipalities the victims of successful hacker attacks in just the last two years, Pfeiffer said local officials are paying more attention, and like Newark, said that the electronic systems of every municipality in the state are under attack daily. Most municipalities now have cyber insurance, he added.

But technology requires management, and that requires time and money.

“There are two things you cannot be without in managing technology,” he said. “You have to have somebody you trust advising you on technology. And you have to have a sound backup plan.”

Ted Sherman may be reached at tsherman@njadvancemedia.com. Follow him on Twitter @TedShermanSL. Facebook: @TedSherman.reporter. Find NJ.com on Facebook.

Have a tip? Tell us. nj.com/tips

Get the latest updates right in your inbox. Subscribe to NJ.com’s newsletters.

Source link
——————————————————————————————————

The post #deepweb | <p> N.J. towns are easy targets for dark web hackers. They won’t always admit being scammed. <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Camden County residents are being warned about a new scam that targets your cellphone

Source: National Cyber Security – Produced By Gregory Evans 0 Camden County residents are being warned about a new scam that targets your cellphone CAMDEN COUNTY, Ga. – We’re always on our smartphones so it’s easy to let our guard down, opening the door for scammers.   Now, our cash and identity can be at risk […] View full post on AmIHackerProof.com

Phishing Campaign Targets Stripe Credentials, …

Source: National Cyber Security – Produced By Gregory Evans

Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.

Researchers have spotted a new phishing campaign targeting credentials and financial data of people using the Stripe payments platform. Emails are disguised as alerts from Stripe support.

Stripe enables e-commerce, facilitates payments, and helps run businesses with its software-as-a-service platform. Online companies use Stripe to receive payments, manage workflows, and update payment card data, among other things. Its millions of global customers include major brands, among them Amazon, Google, Salesforce, Microsoft, Shopify, Spotify, Nasdaq, and National Geographic.

Now attackers are trying to gain access to credentials for Stripe’s platform and the billions of dollars it handles each year. This access could enable the adversaries to steal payment card data and defraud customers, report researchers with the Cofense Phishing Defense Center today.

Emails in the campaign pretend to be notifications from “Stripe Support,” telling the account admin the “details associated with account are invalid.” The admin must take immediate action or the account will be placed on hold, the attacker warns. The idea is to cause fear or panic among businesses that heavily rely on their online transactions and payments to keep running.

These emails include a “Review your details” button with an embedded hyperlink. A common security practice is to hover the mouse over a hyperlink to see its destination. The attackers behind the campaign blocked this by adding a title to the HTML’s <a> tag. Instead of displaying the URL when a mouse hovers over it, the button simply shows “Review your details” in text.

“When rendered in the email client, instead of seeing the underlying link of that button, you just see the title that pops up,” says Cofense CTO Aaron Higbee. “In this case, the user wouldn’t have been able to see where the misleading domain went.” It’s a common evasion technique.

When clicked, this button redirects targets to a phishing page disguised to imitate Stripe’s customer login page. This part of the attack includes three separate pages: One collects the admin’s email address and password, the second requests the bank account number and phone number, and the third redirects the admin back to the initial Stripe login page with a “Wrong Password” error so they don’t suspect anything.  

Another interesting factor in this attack was the credential compromised, Higbee says. The attackers were able to obtain the login details for a press[@]company[.]org email address, which also granted them access to the victim company’s MailChimp account. This is the platform they ultimately used to launch the phishing campaign, he explains. As a result, the phishing emails appear to originate from the email address of a compromised organization.

“This is saying to me the attackers are looking for ways to make sure their phishing emails are successfully delivered,” Higbee continues. Most people have MailChimp whitelisted, and many companies use it for things like password resets.

Red Flags
While the attackers were savvy with HTML, their writing skills could use some work. Misspelled words (“Dear Costumer”) and obvious grammatical mistakes could tip off any user to suspicious activity, Higbee says. Employees who suspect foul play should approach emails with caution.

What’s more, these emails didn’t originate from a “stripe.com” email address, he continues. Even though the display name said Stripe Support, recipients of these emails should also check for a Stripe domain name in the sender’s email address. Higbee also warns people to be wary of emails seemingly intended to provoke fear or urgency, which many attackers prey on.

He suspects this type of attack will continue, especially against users of the payment platform.

“If there is a way for an attacker to automatically discern whether a company uses Stripe, I’d guess this type of attack would be on the rise,” Higbee says. “There’s money at the end of that.”

Related Content:

https://www.darkreading.com/

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial … View Full Bio

More Insights

Click here for the Source link

The post Phishing Campaign Targets Stripe Credentials, … appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Australian small businesses targets of half of all cybercrime

Source: National Cyber Security – Produced By Gregory Evans

Three common small business scams 

1. Fake billing or invoice scams 

The scam: According to the ACCC’s Scamwatch, there have been 8,269 cases of false billing scams resulting in over $7 million in loses in 2019 alone. These scams occur when scammers send out fake invoices to businesses asking for payment for anything from supplies to website domain renewal. They can even be sent from a legitimate supplier or business you commonly deal with if their email address has been compromised. 

How to protect your business: Both Scamwatch and NAB state that the best way for businesses to safeguard themselves against fake billing or invoice scams is through vigilance. Querying invoices or payment requests from unfamiliar sources is a must, as is contacting existing suppliers if they send through an invoice at an unusual time or with a different bank account in order to confirm whether or not it’s legitimate.       

2. Tax scams 

The scam: Many Aussies have likely received a dodgy call from someone pretending to be from the Australian Tax Office and figures show just how common these can be, with the ATO reporting that it had received over 40,000 reports of impersonation scams just in the period from January to April 2019! 

According to NAB, there are two common small business tax scams. The first is scammers claiming to need personal and bank details in order to send a business a tax refund. The second is scammers claiming that a tax debt is owed which needs to be paid immediately (with a credit card, money transfer or even a git card) in order to avoid arrest. 

How to protect your business: While the ATO has stated that it may contact businesses via a phone call, email or SMS, it has also released the following advice to help taxpayers remain cautious: 

– The ATO will not send an email or SMS asking taxpayers to click on a link directing them to any login page

– The ATO will not threaten taxpayers with immediate arrest, jail or deportation

– The ATO will not request payment via iTunes or Google Play cards, prepaid cards, cryptocurrency or to a personal bank account

– The ATO will not request a fee in order to release a refund

3. Payment Scams 

The scam: There a number of different common payment scams, including overpayment scams. 

One example NAB gives is a ‘terminal takeover’ scam in which a scammer asks to take hold of a payment terminal when paying for goods or services. The scammer then cancels the original payment request (often while distracting the cashier) and enters a new payment amount far higher than the original which is then paid for with a stolen credit card. The scammer will then demand that a refund of the difference be made in cash or onto a different card. 

How to protect your business: NAB recommends that in-person payments using a terminal are always conducted behind a counter so that potential scammers can’t edit a transaction themselves and that if a refund does need to be made, it should be done using the original card the customer provided. 

Looking for more small business resources? 

Check out the Mozo business banking hub for the latest small business news and a range of helpful guides, as well as comparison tables featuring some of the hottest business loans, business credit cards and business bank accounts around.

Source link

The post #cyberfraud | #cybercriminals | Australian small businesses targets of half of all cybercrime appeared first on National Cyber Security.

View full post on National Cyber Security

Lebanese #Hackers that #Spied on #Targets from 21 #Countries #Exposed

Source: National Cyber Security – Produced By Gregory Evans

The intelligence agency of Lebanon seemingly has been caught carrying out espionage operations against numerous people of whom military personnel and journalists are included, across at least twenty countries say researchers from one mobile security firm called Electronic Frontier Foundation and Lookout.

One prominent hacking scheme associated with a most robust intelligence and security agency inside Lebanon is now publicly known following unskilled spies leaving stolen data sized several hundred GBs openly on the Web, states a report released January 18.

Read More….

The post Lebanese #Hackers that #Spied on #Targets from 21 #Countries #Exposed appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Iranian #Hackers Have Set Up a #News Outlet to #Court Possible #Targets, #Security Firm Says

Iranian #Hackers Have Set Up a #News Outlet to #Court Possible #Targets, #Security Firm SaysAn Iranian cyber espionage group known as Charming Kitten is believed to be behind a campaign targeting academic researchers, human rights activists, media outlets and political advisors focusing on Iran, according to a report published earlier this week by Israel-based threat intelligence company ClearSky Cyber Security. The group has also set up a news outlet […] View full post on AmIHackerProof.com | Can You Be Hacked?

Software developers are easy targets for hackers study finds

Source: National Cyber Security – Produced By Gregory Evans

Netsparker Ltd., a company in the web applications security industry, has released survey results showing that most software developers make themselves easy targets for hackers, even when they are behind a corporate firewall. The primary reason is not that their web server software is out of date, however. Instead, it…

The post Software developers are easy targets for hackers study finds appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

These Are the Known Targets in the Petya Ransomware Attack So Far

Source: National Cyber Security – Produced By Gregory Evans

A global ransomware attack on Tuesday hit computers at Russia’s biggest oil company, Ukraine’s international airport, global shipping firm A.P. Moller-Maersk, and the world’s biggest advertising agency WPP. Following is a list of companies and organizations that have reported being hit by cyber attacks: ROSNEFT Russia’s top oil producer Rosneft…

The post These Are the Known Targets in the Petya Ransomware Attack So Far appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Smart Fridges, Ovens Make For Easy Hacking Targets

Source: National Cyber Security – Produced By Gregory Evans

Smart Fridges, Ovens Make For Easy Hacking Targets

There was a massive 54% increase in the number of records stolen by cyber criminals across the globe in 2016, and the expanding adoption of connected devices is increasing the danger of hacking, Wipro Ltd said in its State of Cybersecurity Report. The report found that the emergence of smart…

The post Smart Fridges, Ovens Make For Easy Hacking Targets appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers have developed a WannaCry copycat that targets Android smartphones

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans Security experts are warning about a new form of ransomware that is being used to target Android smartphones. The ransomware, dubbed WannaLocker, was discovered by Avast, and has been targeting Android users in China. The creators of the ransomware are said to have taken inspiration from […] View full post on AmIHackerProof.com | Can You Be Hacked?